What Is Claude Mythos Preview? New Claude Model Explained

Claude Mythos Preview is Anthropic's most powerful AI model to date, and you cannot use it.

Announced on April 7, 2026, it has already found thousands of critical security vulnerabilities across every major operating system and web browser, including a flaw that went undetected for 27 years.

Access is restricted to a small coalition of named partners for one specific purpose: fixing vulnerabilities before attackers find them first.

‍

Key Takeaways

• Most capable model to date: Claude Mythos Preview is a general-purpose frontier model with advanced coding and reasoning that produces a step-change in cybersecurity capability.
• Not publicly available: Access is restricted to 12 named partner organisations and approximately 40 additional critical infrastructure companies for defensive security work only.
• Thousands of zero-days found: The model identified critical vulnerabilities across every major operating system and browser, some undetected for up to 27 years.
• 83.1% on CyberGym: The leading cybersecurity benchmark, compared to 66.6% for Claude Opus 4.6, Anthropic's previous top model.
• Restriction is deliberate: Anthropic's offensive capability concern is real. Defenders are being given a preparation window through Project Glasswing before wider access.
• Not a security-specific model: Its security capabilities come from advanced general coding and reasoning, not a targeted fine-tune for cybersecurity.

‍

What Exactly Is Claude Mythos Preview?

Claude Mythos Preview is a general-purpose, unreleased frontier model from Anthropic, announced April 7, 2026, as the core of Project Glasswing. It sits above Claude Opus in Anthropic's model hierarchy and is described as the most powerful model the company has built.

The word "Preview" is deliberate. This is not a finished commercial product. It is a controlled-access version made available to a specific set of partners for a specific purpose, while Anthropic continues evaluating its capabilities and the risks they carry.

• Position in the lineup: Mythos Preview sits above Opus 4.6 in Anthropic's model family, representing a meaningful capability jump rather than an incremental improvement.
• How it was revealed: Mythos was first leaked in late March 2026 when a misconfiguration in Anthropic's content management system exposed internal documents describing the model as "larger and more intelligent" than the Opus family.
• The formal announcement: Anthropic announced Mythos Preview officially on April 7, 2026, alongside the launch of Project Glasswing, the initiative built around it.

"Preview" in this context is not a roadmap signal. It means access is restricted, scope is defined, and the broader release decision has not yet been made.

‍

What Makes Claude Mythos Preview Different From Previous Claude Models?

The gap between Mythos Preview and its predecessor is not marginal. Claude Opus 4.6 scores 66.6% on CyberGym, the leading benchmark for evaluating AI on vulnerability analysis tasks. Claude Mythos Preview scores 83.1%. A 16.5 percentage point jump in a domain where single-digit improvements are the norm.

But the benchmark number is not the most significant difference. The exploit conversion rate is.

• CyberGym benchmark gap: Mythos scores 83.1% vs 66.6% for Opus 4.6, a 16.5 point difference on the field's leading security evaluation benchmark.
• Exploit conversion rate: On Firefox's JavaScript shell, Mythos converts 72.4% of identified vulnerabilities into working exploits. Previous Claude models could identify vulnerabilities but, in Anthropic's own words, "usually fail miserably" at turning them into exploits.
• Not a security-specific model: Its capabilities are a product of advanced general coding and reasoning, not a purpose-built security tool, which makes the implications broader than a single domain.

That last point is the one with the longest tail. Every future model that improves at general coding will implicitly improve at vulnerability discovery and exploitation. Mythos Preview is not a special case, it is where the trajectory of general AI capability is heading.

As a member of the Anthropic Claude Partner Network, LowCode Agency follows the development of frontier models closely, particularly where their capabilities intersect with the systems our clients build and maintain.

‍

What Has Claude Mythos Preview Already Found?

"Thousands of zero-day vulnerabilities" is a large and abstract claim. Anthropic has made three specific examples concrete, each of which has now been patched.

A zero-day is a vulnerability previously unknown to the software's developers, meaning there is no existing fix when it is discovered, and any attacker who finds it independently can exploit it immediately.

• OpenBSD, 27-year-old vulnerability: OpenBSD is one of the most security-hardened operating systems in the world, used to run firewalls and critical infrastructure. Mythos found a flaw that allowed an attacker to remotely crash any machine simply by connecting to it. It had been present for 27 years.
• FFmpeg, 16-year-old vulnerability: FFmpeg is the video encoding and decoding library used by countless applications. Mythos found a flaw in a single line of code that automated testing tools had processed five million times without detecting it. The flaw was 16 years old.
• Linux kernel chain: Mythos autonomously chained multiple Linux kernel vulnerabilities together to allow escalation from ordinary user access to complete control of the machine, demonstrating multi-step reasoning across a complex codebase.

All three have been patched. For thousands of additional vulnerabilities still in the responsible disclosure process, Anthropic has published cryptographic hashes of the details, with full technical disclosure to follow once fixes are in place.

‍

Why Is Claude Mythos Preview Not Available to the Public?

The restriction is not a product delay. It is a calculated safety decision based on a specific risk calculation.

The same capabilities that make Mythos Preview invaluable for defensive security make it dangerous in the wrong hands. A model that autonomously chains Linux kernel vulnerabilities and converts 72.4% of identified Firefox flaws into working exploits, if publicly available, would give attackers a capability that significantly outpaces defenders.

• The dual-use problem: Finding and fixing vulnerabilities and finding and exploiting them are the same task. The model cannot be made useful for one without also being useful for the other.
• The defenders-first strategy: Restricting access to organisations that build or maintain critical software infrastructure gives defenders a preparation window before models of this capability become widely available.
• Government engagement: Anthropic is in ongoing discussions with US government officials including the Cybersecurity and Infrastructure Security Agency (CISA) and the Center for AI Standards and Innovation about Mythos Preview's capabilities.
• The name Project Glasswing: Anthropic employees chose the name after the glasswing butterfly, whose transparent wings make it difficult to see, a metaphor for software vulnerabilities, which are "relatively invisible," present in code for years or decades without detection.

The restriction is temporary by design. Anthropic's stated aim is to use the Project Glasswing period as a controlled experiment in responsible deployment, learning how models of this capability can eventually be deployed at broader scale.

‍

Who Has Access to Claude Mythos Preview?

Access is structured in two tiers: 12 publicly named launch partners and approximately 40 additional organisations whose names have not been disclosed.

All participants are using Mythos Preview specifically for defensive security work. The terms are explicit: this is not a general-purpose commercial deployment.

‍

• Anthropic's financial commitment: Up to $100 million in usage credits for Project Glasswing participants, with partners paying beyond that threshold. Additionally, $4 million in direct donations to open-source security organisations.
• Knowledge sharing: Anthropic has committed to sharing what it and its partners learn through Project Glasswing so the broader industry, not just coalition members, can benefit.
• Scale of the broader group: Approximately 40 additional organisations beyond the named 12 have been granted access, all building or maintaining critical software infrastructure.

The coalition structure is deliberate. Cisco's Chief Security Officer stated that AI capabilities in cybersecurity are "too important and too urgent to do alone." The goal is to raise the defensive baseline across the entire industry, not give a competitive advantage to specific companies.

‍

What Does Claude Mythos Preview Mean for Cybersecurity?

Claude Mythos Preview arrives in a threat landscape that is already accelerating. CrowdStrike's 2026 Global Threat Report found an 89% year-over-year increase in attacks by adversaries using AI. Mythos Preview does not create this trend. It clarifies its trajectory.

The capability threshold it represents changes the economics of both attack and defence.

• The threat side: Anthropic states that "the window between a vulnerability being discovered and being exploited has collapsed, what once took months now happens in minutes with AI." The cost and expertise required to find and exploit vulnerabilities has dropped dramatically.
• The opportunity side: Jim Zemlin of the Linux Foundation noted that security expertise "was historically something large enterprises could afford but remained out of reach for smaller companies and open-source projects." Mythos Preview changes that calculus at scale.
• The timeline pressure: Anthropic explicitly states that similar capabilities will "proliferate, potentially beyond actors who are committed to deploying them safely" within a short window. Project Glasswing is an attempt to use the current period productively.
• The arms race is now AI-driven: Attackers and defenders are no longer competing primarily on human skill and team size. They are competing on AI capability. Mythos Preview is the clearest evidence yet that this transition has already happened.

‍

What Does Claude Mythos Preview Mean for AI Development?

Mythos Preview is a general-purpose model whose security capability is a byproduct of advanced general coding and reasoning. That is the most significant thing about it from an AI development perspective.

It means every future frontier model that improves at coding and reasoning will implicitly improve at vulnerability discovery and exploitation. The cybersecurity implications of Mythos are not specific to Mythos, they are a function of where general AI capability is heading, and they will compound with each new model generation.

• General capability, specific implications: Mythos was not trained for security. Its security performance is what general coding and reasoning looks like at this capability level.
• A new deployment model: Restricted preview to a defensive coalition, with active knowledge sharing and government engagement, is a different approach from both full public release and simple withholding. Whether it works at scale is what Project Glasswing is designed to test.
• Not permanent restriction: Anthropic's aim is to learn how Mythos-class models can eventually be deployed more broadly, using the Project Glasswing period as a controlled experiment in responsible deployment of a capability that, as they note, cannot be put back in the bottle.

For more detail on the specific vulnerabilities found and the technical methodology Mythos Preview uses, Anthropic's Frontier Red Team blog at red.anthropic.com/2026/mythos-preview covers the full technical account.

‍

Conclusion

Claude Mythos Preview is not a standard model launch. It is the clearest signal yet that frontier AI capability has crossed a threshold with real-world security consequences.

The restriction is the point. Anthropic is not withholding a product. It is managing a capability that carries genuine dual-use risk in a way that prioritises defence over access.

Whether that approach proves sufficient depends on how quickly the vulnerabilities being found can be patched, and how long the window between defenders and attackers actually lasts.

‍

Building AI Systems That Are Ready for a Post-Mythos World

Claude Mythos Preview changes what businesses need to know about AI capability. The frontier has moved faster than most organisations expected, and the gap between what leading models can do and what most businesses have planned for is widening.

At LowCode Agency, we are a strategic product team, not a dev shop. We help businesses understand where AI capability is heading and build systems that are designed for where the technology is going, not just where it is today.

• AI capability awareness: We track frontier model developments and translate them into concrete implications for the systems our clients build and maintain.
• AI-powered product development: We build custom AI-integrated tools on Bubble, FlutterFlow, and Webflow that are designed to evolve as underlying model capabilities improve.
• Workflow automation: We design and deploy automation systems using Make, n8n, and Zapier that are built on current model capabilities with room to grow.
• AI agent development: We build custom AI agents for business workflows that leverage the best available models for each specific task and use case.
• Security-aware architecture: We design AI-powered systems with data handling, access controls, and audit trails built in from the start, not added after deployment.
• Strategic AI consulting: We help leadership teams understand what frontier AI developments mean for their specific industry and product decisions, before they make commitments based on outdated assumptions.
• Full product team: Strategy, design, development, and QA from a single team that is invested in your outcome, not just the delivery.

We have built 350+ products for clients including Coca-Cola, American Express, and Medtronic. We have been an Anthropic Claude Partner Network member since the partnership launched, giving us direct access to model capability updates as they happen.

If you are making AI infrastructure decisions and want to make sure they are built on an accurate picture of where frontier capability actually is, let's start that conversation.